Startup CheckRecipient using ML to clean email adresses, raises $2.7M

The discourse around email security is often framed as the bad folk trying to get in, rather than something as simple as human error. And yet, a plethora of high-profile cases in recent years prove that a major data breach can easily be caused by something as simple as a misaddressed email.

Enter: CheckRecipient, a London startup that uses machine learning to help prevent emails from being sent to the wrong recipient. The company is disclosing that it has raised a $2.7 million funding round led jointly by Accel and LocalGlobe. Others participating include Winton Ventures, Amadeus Capital Partners and Crane.

Founded in 2013 by three engineering graduates from Imperial College — Tim Sadler, Tom Adams and Ed Bishop — CheckRecipient’s email security platform uses AI/machine learning to make sure sensitive or confidential data cannot be sent to the wrong individual.

It does this by scanning historical email data to understand conventional usage patterns and behaviors in companies’ email systems. “Using machine learning allows CheckRecipient to spot anomalies and give users a chance to correct problems before sending. Unlike existing rule-based systems or encryption platforms, the system requires no administration or end-user behavior change,” explains the company.

In a brief call, CheckRecipient CEO Tim Sadler gave me a few fairly recent examples of security breaches that could have been potentially stopped by employing the startup’s wares.

For example, an HIV clinic in the U.K. made headlines for accidentally revealing a list of patients diagnosed with the condition via a misdirected email.

Another high-profile breach involves the Google-Waymo/Uber-Otto lawsuit, for which an email sent to the wrong person is a core element to the case.

Email misdirection is, arguably, also an area that companies are going to have to pay more attention to with regards to upcoming EU data regulation. As CheckRecipient is keen to point out, from May 2018, the new EU General Data Protection Regulation will impose a mandatory requirement for organizations to report data breaches involving personal data to the Information Commissioner’s Office (ICO), which can then impose subsequent fines.